[solved] Multiple VLANs for OpenVZ Container?

[r4pt0x]

I need to seperate our surveillance cameras from the rest of our LAN, so i chose to do it by VLANs. The switch (cisco) supports VLANs; Camera ports are configured as tagged VLAN 2 ports, the LAG for the 4 Proxmox-Server NICs is untagged member of VLAN1 and VLAN2.

What changes have to be made to the proxmox host and/or OpenVZ guest, allowing to connect the OpenVZ container to VLAN2?
Is it possible to add it to both VLANs via one venet-adapter? (The management console should be accessible from VLAN1)
Currently neither the proxmox-host nor the zoneminder-machine can access the cameras in VLAN2.
The /etc/network/interfaces of the guest is auto-generated (by the hostsystem?), so where can i directly and persistent edit the containers network settings?

 

[udo]

Re: Multiple VLANs for OpenVZ Container?

Hi,
I recommend to use bridges networks in this case. Create an bridge for each vlan and provide one nic in this vlan to your VM (openvz or kvm).

Udo

 

[r4pt0x]

Re: Multiple VLANs for OpenVZ Container?

Here's how i solved it (there seems to be a bug when using venet and veth devices together within different VLANs!?)

- VLAN1 = "standard" LAN for all clients and services
- VALN2 = IP-cam VLAN, encapsulated from the rest of the network

At the switch all ports for IP-cams are set to VLAN2 "untagged" / VLAN1 excluded
The LAG through which the server is connected is configured as VLAN1 untagged / VLAN2 tagged

At the proxmox-host i added a new bridge device vmbr1 with "bridge_ports bond0.2" for VLAN ID2

The host gets 2 veth devices:
eth0 connected to vmbr0, eth1 to vmbr1
The only fully configured device is eth0, eth1 only gets an ip-address and netmask. Via "up route add -host" the routing table gets the entries for the IP-cams, routed via eth1.

As soon as i tried to connect VLAN1 through a venet-device, the client wasn't either accessible from VLAN1 or had no access to VLAN2! Don't know if its a bug or i've missed something in the configuration.